rancher-partner-charts/charts/speedscale/speedscale-operator/2.2.472/templates/admission.yaml

{{- $cacrt := "" -}}
{{- $crt := "" -}}
{{- $key := "" -}}
{{- $s := (lookup "v1" "Secret" .Release.Namespace "speedscale-webhook-certs") -}}
{{- if $s -}}
{{- $cacrt = index $s.data "ca.crt" | default (index $s.data "tls.crt") | b64dec -}}
{{- $crt = index $s.data "tls.crt" | b64dec -}}
{{- $key = index $s.data "tls.key" | b64dec -}}
{{ else }}
{{- $altNames := list ( printf "speedscale-operator.%s" .Release.Namespace ) ( printf "speedscale-operator.%s.svc" .Release.Namespace ) -}}
{{- $ca := genCA "speedscale-operator" 3650 -}}
{{- $cert := genSignedCert "speedscale-operator" nil $altNames 3650 $ca -}}
{{- $cacrt = $ca.Cert -}}
{{- $crt = $cert.Cert -}}
{{- $key = $cert.Key -}}
{{- end -}}
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  creationTimestamp: null
  name: speedscale-operator
  annotations:
    argocd.argoproj.io/hook: PreSync
    {{- if .Values.globalAnnotations }}
{{ toYaml .Values.globalAnnotations | indent 4}}
    {{- end }}
webhooks:
- admissionReviewVersions:
  - v1
  clientConfig:
    caBundle: {{ $cacrt | b64enc }}
    service:
      name: speedscale-operator
      namespace: {{ .Release.Namespace }}
      path: /mutate
  failurePolicy: Ignore
  name: sidecar.speedscale.com
  namespaceSelector:
    matchExpressions:
      - key: kubernetes.io/metadata.name
        operator: "NotIn"
        values:
          - kube-system
          - kube-node-lease
    {{- if .Values.namespaceSelector }}
      - key: kubernetes.io/metadata.name
        operator: "In"
        values:
          {{- range .Values.namespaceSelector }}
          - {{ . | quote }}
          {{- end }}
    {{- end }}
  reinvocationPolicy: IfNeeded
  rules:
  - apiGroups:
    - apps
    - batch
    apiVersions:
    - v1
    operations:
    - CREATE
    - UPDATE
    - DELETE
    resources:
    - deployments
    - statefulsets
    - daemonsets
    - jobs
    - replicasets
  - apiGroups:
    - ""
    apiVersions:
    - v1
    operations:
    - CREATE
    - UPDATE
    - DELETE
    resources:
    - pods
  - apiGroups:
    - argoproj.io
    apiVersions:
    - "*"
    operations:
    - CREATE
    - UPDATE
    - DELETE
    resources:
    - rollouts
  sideEffects: None
  timeoutSeconds: 10
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  creationTimestamp: null
  name: speedscale-operator-replay
  annotations:
    argocd.argoproj.io/hook: PreSync
    {{- if .Values.globalAnnotations }}
{{ toYaml .Values.globalAnnotations | indent 4}}
    {{- end }}
webhooks:
- admissionReviewVersions:
  - v1
  clientConfig:
    caBundle: {{ $cacrt | b64enc }}
    service:
      name: speedscale-operator
      namespace: {{ .Release.Namespace }}
      path: /mutate-speedscale-com-v1-trafficreplay
  failurePolicy: Fail
  name: replay.speedscale.com
  namespaceSelector:
    matchExpressions:
      - key: kubernetes.io/metadata.name
        operator: "NotIn"
        values:
          - kube-system
          - kube-node-lease
    {{- if .Values.namespaceSelector }}
      - key: kubernetes.io/metadata.name
        operator: "In"
        values:
          {{- range .Values.namespaceSelector }}
          - {{ . | quote }}
          {{- end }}
    {{- end }}
  rules:
  - apiGroups:
    - speedscale.com
    apiVersions:
    - v1
    operations:
    - CREATE
    - UPDATE
    resources:
    - trafficreplays
  sideEffects: None
  timeoutSeconds: 10
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  creationTimestamp: null
  name: speedscale-operator-replay
  annotations:
    argocd.argoproj.io/hook: PreSync
    {{- if .Values.globalAnnotations }}
{{ toYaml .Values.globalAnnotations | indent 4}}
    {{- end }}
webhooks:
- admissionReviewVersions:
  - v1
  clientConfig:
    caBundle: {{ $cacrt | b64enc }}
    service:
      name: speedscale-operator
      namespace: {{ .Release.Namespace }}
      path: /validate-speedscale-com-v1-trafficreplay
  failurePolicy: Fail
  name: replay.speedscale.com
  namespaceSelector:
    matchExpressions:
      - key: kubernetes.io/metadata.name
        operator: "NotIn"
        values:
          - kube-system
          - kube-node-lease
    {{- if .Values.namespaceSelector }}
      - key: kubernetes.io/metadata.name
        operator: "In"
        values:
          {{- range .Values.namespaceSelector }}
          - {{ . | quote }}
          {{- end }}
    {{- end }}
  rules:
  - apiGroups:
    - speedscale.com
    apiVersions:
    - v1
    operations:
    - CREATE
    - UPDATE
    - DELETE
    resources:
    - trafficreplays
  sideEffects: None
  timeoutSeconds: 10
---
apiVersion: v1
kind: Secret
metadata:
  annotations:
    helm.sh/hook: pre-install
    helm.sh/hook-delete-policy: before-hook-creation
    {{- if .Values.globalAnnotations }}
{{ toYaml .Values.globalAnnotations | indent 4}}
    {{- end }}
  creationTimestamp: null
  name: speedscale-webhook-certs
  namespace: {{ .Release.Namespace }}
type: kubernetes.io/tls
data:
  ca.crt: {{ $cacrt | b64enc }}
  tls.crt: {{ $crt | b64enc }}
  tls.key: {{ $key | b64enc }}
Added chart versions: jenkins/jenkins: - 5.7.0 jfrog/artifactory-ha: - 107.90.13 jfrog/artifactory-jcr: - 107.90.13 kong/kong: - 2.42.0 kubecost/cost-analyzer: - 2.4.1 speedscale/speedscale-operator: - 2.2.472 2024-09-27 00:58:24 +00:00			`{{- $cacrt := "" -}}`
			`{{- $crt := "" -}}`
			`{{- $key := "" -}}`
			`{{- $s := (lookup "v1" "Secret" .Release.Namespace "speedscale-webhook-certs") -}}`
			`{{- if $s -}}`
			`{{- $cacrt = index $s.data "ca.crt" \| default (index $s.data "tls.crt") \| b64dec -}}`
			`{{- $crt = index $s.data "tls.crt" \| b64dec -}}`
			`{{- $key = index $s.data "tls.key" \| b64dec -}}`
			`{{ else }}`
			`{{- $altNames := list ( printf "speedscale-operator.%s" .Release.Namespace ) ( printf "speedscale-operator.%s.svc" .Release.Namespace ) -}}`
			`{{- $ca := genCA "speedscale-operator" 3650 -}}`
			`{{- $cert := genSignedCert "speedscale-operator" nil $altNames 3650 $ca -}}`
			`{{- $cacrt = $ca.Cert -}}`
			`{{- $crt = $cert.Cert -}}`
			`{{- $key = $cert.Key -}}`
			`{{- end -}}`
			`---`
			`apiVersion: admissionregistration.k8s.io/v1`
			`kind: MutatingWebhookConfiguration`
			`metadata:`
			`creationTimestamp: null`
			`name: speedscale-operator`
			`annotations:`
			`argocd.argoproj.io/hook: PreSync`
			`{{- if .Values.globalAnnotations }}`
			`{{ toYaml .Values.globalAnnotations \| indent 4}}`
			`{{- end }}`
			`webhooks:`
			`- admissionReviewVersions:`
			`- v1`
			`clientConfig:`
			`caBundle: {{ $cacrt \| b64enc }}`
			`service:`
			`name: speedscale-operator`
			`namespace: {{ .Release.Namespace }}`
			`path: /mutate`
			`failurePolicy: Ignore`
			`name: sidecar.speedscale.com`
			`namespaceSelector:`
			`matchExpressions:`
			`- key: kubernetes.io/metadata.name`
			`operator: "NotIn"`
			`values:`
			`- kube-system`
			`- kube-node-lease`
			`{{- if .Values.namespaceSelector }}`
			`- key: kubernetes.io/metadata.name`
			`operator: "In"`
			`values:`
			`{{- range .Values.namespaceSelector }}`
			`- {{ . \| quote }}`
			`{{- end }}`
			`{{- end }}`
			`reinvocationPolicy: IfNeeded`
			`rules:`
			`- apiGroups:`
			`- apps`
			`- batch`
			`apiVersions:`
			`- v1`
			`operations:`
			`- CREATE`
			`- UPDATE`
			`- DELETE`
			`resources:`
			`- deployments`
			`- statefulsets`
			`- daemonsets`
			`- jobs`
			`- replicasets`
			`- apiGroups:`
			`- ""`
			`apiVersions:`
			`- v1`
			`operations:`
			`- CREATE`
			`- UPDATE`
			`- DELETE`
			`resources:`
			`- pods`
			`- apiGroups:`
			`- argoproj.io`
			`apiVersions:`
			`- "*"`
			`operations:`
			`- CREATE`
			`- UPDATE`
			`- DELETE`
			`resources:`
			`- rollouts`
			`sideEffects: None`
			`timeoutSeconds: 10`
			`---`
			`apiVersion: admissionregistration.k8s.io/v1`
			`kind: MutatingWebhookConfiguration`
			`metadata:`
			`creationTimestamp: null`
			`name: speedscale-operator-replay`
			`annotations:`
			`argocd.argoproj.io/hook: PreSync`
			`{{- if .Values.globalAnnotations }}`
			`{{ toYaml .Values.globalAnnotations \| indent 4}}`
			`{{- end }}`
			`webhooks:`
			`- admissionReviewVersions:`
			`- v1`
			`clientConfig:`
			`caBundle: {{ $cacrt \| b64enc }}`
			`service:`
			`name: speedscale-operator`
			`namespace: {{ .Release.Namespace }}`
			`path: /mutate-speedscale-com-v1-trafficreplay`
			`failurePolicy: Fail`
			`name: replay.speedscale.com`
			`namespaceSelector:`
			`matchExpressions:`
			`- key: kubernetes.io/metadata.name`
			`operator: "NotIn"`
			`values:`
			`- kube-system`
			`- kube-node-lease`
			`{{- if .Values.namespaceSelector }}`
			`- key: kubernetes.io/metadata.name`
			`operator: "In"`
			`values:`
			`{{- range .Values.namespaceSelector }}`
			`- {{ . \| quote }}`
			`{{- end }}`
			`{{- end }}`
			`rules:`
			`- apiGroups:`
			`- speedscale.com`
			`apiVersions:`
			`- v1`
			`operations:`
			`- CREATE`
			`- UPDATE`
			`resources:`
			`- trafficreplays`
			`sideEffects: None`
			`timeoutSeconds: 10`
			`---`
			`apiVersion: admissionregistration.k8s.io/v1`
			`kind: ValidatingWebhookConfiguration`
			`metadata:`
			`creationTimestamp: null`
			`name: speedscale-operator-replay`
			`annotations:`
			`argocd.argoproj.io/hook: PreSync`
			`{{- if .Values.globalAnnotations }}`
			`{{ toYaml .Values.globalAnnotations \| indent 4}}`
			`{{- end }}`
			`webhooks:`
			`- admissionReviewVersions:`
			`- v1`
			`clientConfig:`
			`caBundle: {{ $cacrt \| b64enc }}`
			`service:`
			`name: speedscale-operator`
			`namespace: {{ .Release.Namespace }}`
			`path: /validate-speedscale-com-v1-trafficreplay`
			`failurePolicy: Fail`
			`name: replay.speedscale.com`
			`namespaceSelector:`
			`matchExpressions:`
			`- key: kubernetes.io/metadata.name`
			`operator: "NotIn"`
			`values:`
			`- kube-system`
			`- kube-node-lease`
			`{{- if .Values.namespaceSelector }}`
			`- key: kubernetes.io/metadata.name`
			`operator: "In"`
			`values:`
			`{{- range .Values.namespaceSelector }}`
			`- {{ . \| quote }}`
			`{{- end }}`
			`{{- end }}`
			`rules:`
			`- apiGroups:`
			`- speedscale.com`
			`apiVersions:`
			`- v1`
			`operations:`
			`- CREATE`
			`- UPDATE`
			`- DELETE`
			`resources:`
			`- trafficreplays`
			`sideEffects: None`
			`timeoutSeconds: 10`
			`---`
			`apiVersion: v1`
			`kind: Secret`
			`metadata:`
			`annotations:`
			`helm.sh/hook: pre-install`
			`helm.sh/hook-delete-policy: before-hook-creation`
			`{{- if .Values.globalAnnotations }}`
			`{{ toYaml .Values.globalAnnotations \| indent 4}}`
			`{{- end }}`
			`creationTimestamp: null`
			`name: speedscale-webhook-certs`
			`namespace: {{ .Release.Namespace }}`
			`type: kubernetes.io/tls`
			`data:`
			`ca.crt: {{ $cacrt \| b64enc }}`
			`tls.crt: {{ $crt \| b64enc }}`
			`tls.key: {{ $key \| b64enc }}`